From: Barry Finkel (b19141@ACHILLES.CTD.ANL.GOV)
Date: Wed Mar 12 2003 - 14:19:33 EST
>Management here has just asked us to shut off sendmail because of the most
>recent hole. Anyone got any obvious reasons why we should/should not do
>this ?

The information a colleague forwarded to me (from bugtraq) seems to
imply

1) that the vulnerability was found via a code inspection - a counter
   was incremented and not decremented - there has been no break-in
   using this vulnerability.

2) the group in Poland doing the research could only produce an exploit
   on Slackware Linux. They tried a variety of different Unix platforms.
   For an exploit to occur, there has to be some usable storage located
   in the executable just after the buffer that would overflow, and
   getting something usable there depends upon the compiler used to
   compile sendmail. The group made it clear in their analysis that
   just because they were unable to produce an exploit does not mean
   that there is no exploit possible.

I conclude that the vulnerability is not as bad as the trade press
would have us believe.

----------------------------------------------------------------------
Barry S. Finkel
Electronics and Computing Technologies Division
Argonne National Laboratory Phone: +1 (630) 252-7277
9700 South Cass Avenue Facsimile:+1 (630) 252-4601
Building 222, Room D209 Internet: BSFinkel@anl.gov
Argonne, IL 60439-4828 IBMMAIL: I1004994
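
Added example, not part of the original message and not sendmail source code: a constructed toy copier showing how a bounds counter that is raised without a matching lowering lets the write position run past the end of a buffer. The function name, the `<`/`>` reservation scheme and the sample input are assumptions made for illustration; out-of-range writes are counted instead of performed, so the program is memory-safe. The count it returns is the number of bytes that would have landed in whatever the compiler placed after the buffer.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed input: 20 "<>" pairs (40 bytes) for a 16-byte buffer. */
static const char SAMPLE[] =
    "<><><><><>" "<><><><><>" "<><><><><>" "<><><><><>";

/* Copy `in` to `out`. `limit` is the counter: one byte is reserved for
 * each open '<' so its closing '>' always fits, and released on '>'.
 * balanced != 0: reserve on '<', release on a matching '>' (correct).
 * balanced == 0: the reserve step is missing, so every '>' raises the
 *                limit and it drifts past the real end of the buffer.
 * Returns the number of bytes the logic tried to write beyond `outsz`. */
size_t copy_addr(const char *in, char *out, size_t outsz, int balanced)
{
    size_t limit = outsz - 1, pos = 0, over = 0, depth = 0;

    for (; *in != '\0'; in++) {
        if (*in == '<' && balanced && limit > 0) {
            limit--;                    /* reserve room for the '>' */
            depth++;
        } else if (*in == '>' && (!balanced || depth > 0)) {
            limit++;                    /* release the reservation */
            if (balanced)
                depth--;
        }
        if (pos >= limit)
            continue;                   /* the copier believes it is full */
        if (pos < outsz - 1)
            out[pos] = *in;             /* genuine in-bounds write */
        else
            over++;                     /* would have been out of bounds */
        pos++;
    }
    out[pos < outsz - 1 ? pos : outsz - 1] = '\0';
    return over;
}

int main(void)
{
    char out[16];
    printf("balanced:   %zu bytes past the end\n",
           copy_addr(SAMPLE, out, sizeof out, 1));
    printf("unbalanced: %zu bytes past the end\n",
           copy_addr(SAMPLE, out, sizeof out, 0));
    return 0;
}
```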